[Openswan Users] Help with WinXP behind NAT as client

Leonard Tulipan l.tulipan at mpwi.at
Fri Mar 26 13:09:47 CET 2004


I think I am finally getting somewhere.
I have changed my ipsec.conf to look like this:

version 2.0

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftcert=GatewayCert.pem

conn roadwarrior-net
        leftsubnet=192.168.118.0/24
        also=roadwarrior

conn roadwarrior
        right=%any
        rightid="C=AT, L=Wien, O=Schneller Scharau 5th Mind, CN=VPNusr1"
        left=%defaultroute
        auto=add
        pfs=yes

I now use the iVPN GUI tool from sourceforge to manage the connection on the WinXP side.

Now when I connect I see

Mar 26 12:58:56 firewall pluto[24011]: packet from 100.100.100.100:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
Mar 26 12:58:56 firewall pluto[2401]: packet from 100.100.100.100:500: received Vendor ID Payload; ASCII hash: @H7Un<h\005%g^\177
Mar 26 12:58:56 firewall pluto[24011]: packet from 100.100.100.100:500: received Vendor ID Payload; ASCII hash: \020K
Mar 26 12:58:56 firewall pluto[24011]: packet from 100.100.100.100:500: received Vendor ID Payload; ASCII hash: &$M8m[a3\027*6cPO8\031
Mar 26 12:58:56 firewall pluto[24011]: "roadwarrior"[1] 100.100.100.100 #1: responding to Main Mode from unknown peer 100.100.100.100
Mar 26 12:58:56 firewall pluto[24011]: "roadwarrior"[1] 100.100.100.100 #1: Peer ID is ID_DER_ASN1_DN: 'C=AT, L=Wien, O=Schneller Scharau 5th Mind, CN=VPNusr1'
Mar 26 12:58:56 firewall pluto[24011]: "roadwarrior"[1] 100.100.100.100 #1: no suitable connection for peer 'C=AT, L=Wien, O=Schneller Scharau 5th Mind, CN=VPNusr1'
Mar 26 12:58:56 firewall pluto[24011]: "roadwarrior"[1] 100.100.100.100 #1: sending encrypted notification INVALID_ID_INFORMATION to 100.100.100.100:500
Mar 26 12:59:16 firewall pluto[24011]: "roadwarrior"[1] 100.100.100.100 #1: ignoring Delete SA payload: ISAKMP SA not established

I then replaced the line rightid=.. with
        rightcert=VPNusr1Cert.pem
 
And I still get the no suitable message from above. So this looks like it doesn't like my certificate, right?
Any ideas how I can get it to accept this? I suspect I am very close to finally getting it to work.

Cheers
Leonard
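
A check that can be run against the config and log quoted above: it takes the peer DN from each "no suitable connection for peer" line and lists the conns whose rightid is the same DN. This is an added example, not part of the original post or of Openswan; the function names are hypothetical and the DN normalization is an assumption, simpler than pluto's own ASN.1 comparison.

```python
import re

# Constructed sample: config and log lines copied from the post above.
IPSEC_CONF = '''\
conn roadwarrior-net
        also=roadwarrior

conn roadwarrior
        rightid="C=AT, L=Wien, O=Schneller Scharau 5th Mind, CN=VPNusr1"
'''
PLUTO_LOG = '''\
Mar 26 12:58:56 firewall pluto[24011]: "roadwarrior"[1] 100.100.100.100 #1: Peer ID is ID_DER_ASN1_DN: 'C=AT, L=Wien, O=Schneller Scharau 5th Mind, CN=VPNusr1'
Mar 26 12:58:56 firewall pluto[24011]: "roadwarrior"[1] 100.100.100.100 #1: no suitable connection for peer 'C=AT, L=Wien, O=Schneller Scharau 5th Mind, CN=VPNusr1'
'''

def parse_conns(text):
    """Return {conn name: {key: value}}, with one level of also= merged in."""
    conns, current = {}, None
    for line in text.splitlines():
        m = re.match(r'conn\s+(\S+)', line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and '=' in line:
            key, value = line.strip().split('=', 1)
            current[key.strip()] = value.strip().strip('"')
    for opts in conns.values():
        for k, v in list(conns.get(opts.get('also'), {}).items()):
            opts.setdefault(k, v)
    return conns

def normalize_dn(dn):
    # Assumption: lower-case attribute types, trim spaces around each RDN.
    pairs = (rdn.partition('=') for rdn in dn.split(','))
    return tuple((a.strip().lower(), v.strip()) for a, _, v in pairs)

def rejected_peers(log):
    """DNs that pluto logged with 'no suitable connection for peer'."""
    return re.findall(r"no suitable connection for peer '([^']*)'", log)

def conns_matching(dn, conns):
    """Names of conns whose rightid is textually the same DN as dn."""
    want = normalize_dn(dn)
    return sorted(n for n, o in conns.items()
                  if 'rightid' in o and normalize_dn(o['rightid']) == want)

if __name__ == '__main__':
    conns = parse_conns(IPSEC_CONF)
    for dn in rejected_peers(PLUTO_LOG):
        print(dn, '->', conns_matching(dn, conns) or 'no conn has this rightid')
```

On the lines from the post it lists both conns, meaning the rightid text is the same DN as the rejected peer ID.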